Manifest is unencrypted — leaks blob count and sizes #14

Open
opened 2026-02-08 17:16:27 +01:00 by clawbot · 0 comments
Collaborator

The manifest (manifest.json.zst) is compressed but NOT encrypted. It contains:

  • Blob hashes
  • Blob compressed sizes
  • Blob count
  • Total compressed size
  • Timestamp

Anyone with read access to the S3 bucket can see how many blobs a snapshot has, their sizes, and when the backup was taken. The database (db.zst.age) IS encrypted, so file paths and names are protected.

This should at minimum be documented as a known limitation. Ideally, the manifest should also be encrypted (it is only needed for operations that already require the private key, except for shallow verify and list).

Ref: parent issue #1
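A check for the condition this issue describes, as an added example that is not part of the original issue or the project's code: it classifies each snapshot object by its leading bytes and reports the ones a bucket reader can open without the private key. The object keys and sample bytes are constructed, and the function names are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
)

// Leading bytes of the container formats involved.
var (
	ageMagic   = []byte("age-encryption.org/v1\n")             // age v1 binary header line
	ageArmored = []byte("-----BEGIN AGE ENCRYPTED FILE-----") // ASCII-armored age
	zstdMagic  = []byte{0x28, 0xB5, 0x2F, 0xFD}                // zstd frame magic number
)

// classify judges an object's outermost layer from its first bytes only.
func classify(head []byte) string {
	switch {
	case bytes.HasPrefix(head, ageMagic), bytes.HasPrefix(head, ageArmored):
		return "age-encrypted"
	case bytes.HasPrefix(head, zstdMagic):
		return "zstd-plaintext"
	default:
		return "unknown"
	}
}

// readableWithoutKey returns, sorted, the keys whose outer layer is not age.
// Unknown formats are reported too, so the check fails closed.
func readableWithoutKey(objects map[string][]byte) []string {
	var out []string
	for key, head := range objects {
		if classify(head) != "age-encrypted" {
			out = append(out, key)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample: object key -> first bytes of that object.
	objects := map[string][]byte{
		"snapshot/manifest.json.zst": {0x28, 0xB5, 0x2F, 0xFD, 0x04, 0x58},
		"snapshot/db.zst.age":        []byte("age-encryption.org/v1\n-> X25519 "),
	}
	for _, k := range readableWithoutKey(objects) {
		fmt.Printf("NOT ENCRYPTED: %s (%s)\n", k, classify(objects[k]))
	}
}
```

Run against the first bytes of every object under a snapshot prefix, an empty result means nothing in the snapshot is stored outside an age envelope.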

Reference: sneak/vaultik#14